Properly hash user passwords on API creation
fixes #240

+ revert doodle change
JasonLovesDoggo committed Jan 6, 2024
1 parent 4d2e3f4 commit 4eaf95b
Showing 3 changed files with 9 additions and 18 deletions.
21 changes: 6 additions & 15 deletions core/api/views/objects/user.py
Expand Up @@ -137,24 +137,17 @@ class NewSerializer(serializers.ModelSerializer):
max_length=30,
required=True,
)
password = serializers.CharField(required=True)

password = serializers.CharField(required=True, write_only=True)
# Default `create` and `update` behavior...
def create(self, validated_data) -> User:
user = User()
keys = [
"first_name",
"last_name",
"graduating_year",
"email",
"username",
"password",
]
for key in keys:
setattr(user, key, validated_data[key])
password = validated_data.pop("password")
user = User(**validated_data)
if validated_data["email"].endswith(settings.TEACHER_EMAIL_SUFFIX):
user.is_teacher = True
user.set_password(password)
user.save()
# if Group.objects.filter(name="Supervisors").exists():
# user.groups.add(Group.objects.get(name="Supervisors"))
return user

class Meta:
Expand All @@ -168,8 +161,6 @@ class Meta:
"password",
"bio",
"timezone",
"organizations",
"tags_following",
]
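Review bot: The new `create` now hashes with `set_password`, but nothing runs the project's `AUTH_PASSWORD_VALIDATORS` against the raw value first, so the endpoint still accepts any non-empty string (the username itself, "password", a single character) as a credential — `password = serializers.CharField(required=True, write_only=True)` only guarantees presence. Add an object-level `validate` that calls `password_validation.validate_password` against a throwaway, unsaved `User` built from the other attributes (so the similarity validator can see username/email), with `from django.contrib.auth import password_validation` at the top of the file; a failing validator then surfaces as a 400 instead of a stored weak secret. Note also that `create` is the only path that hashes — if this serializer is ever bound to PUT/PATCH, the default `ModelSerializer.update` would `setattr` the raw password and save it in plaintext, so either add a matching `update` or confirm the view uses it for creation only (the view is not visible here). The enclosing `NewSerializer` class starts above the hunk.
```python
    def validate(self, attrs):
        # Enforce AUTH_PASSWORD_VALIDATORS before create() ever sees the value.
        # A throwaway, unsaved User lets UserAttributeSimilarityValidator
        # compare the password against username/email/etc.
        attrs = super().validate(attrs)
        candidate = User(**{k: v for k, v in attrs.items() if k != "password"})
        password_validation.validate_password(attrs["password"], candidate)
        return attrs

    # … unchanged: create() …
```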


2 changes: 1 addition & 1 deletion core/models/post.py
Expand Up @@ -38,7 +38,7 @@ class PostInteraction(models.Model):
settings.AUTH_USER_MODEL,
null=True,
blank=True,
on_delete=models.SET("[deleted]"),
on_delete=models.SET(None),
)

created_at = models.DateTimeField(auto_now_add=True, null=True)
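Review bot: `on_delete=models.SET(None)` on the `PostInteraction` user field is `models.SET_NULL` spelled out; `on_delete=models.SET_NULL,` is the idiomatic form and reads as a deliberate choice rather than a placeholder, and it pairs naturally with the `null=True` already on the field. The `+`/`-` markers are lost on this page, so this assumes `SET(None)` is the surviving line, which is consistent with the "revert doodle change" note in the description. The `PostInteraction` model starts and ends outside the hunk.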
4 changes: 2 additions & 2 deletions metropolis/settings.py
Expand Up @@ -255,7 +255,6 @@


# SSO (OAuth) Settings
PKCE_REQUIRED = False
CLEAR_EXPIRED_TOKENS_BATCH_INTERVAL = 5
CLEAR_EXPIRED_TOKENS_BATCH_SIZE = 500

Expand Down Expand Up @@ -472,10 +471,11 @@
SILENCED_SYSTEM_CHECKS = ["urls.W002"]

HIJACK_PERMISSION_CHECK = "core.utils.hijack.hijack_permissions_check"

ALLOWED_HIJACKERS = [746, 165] # Jason Cameron & Ken Shibata


DEFAULT_TIMEZONE = "UTC"
DEFAULT_TIMEZONE = "America/Toronto" # default timezone for users

ANNOUNCEMENT_APPROVAL_BCC_LIST = []
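Review bot: `ALLOWED_HIJACKERS = [746, 165]` hard-codes two database primary keys as the accounts permitted to impersonate other users, which is fragile across environments — the same IDs belong to different rows in dev, staging and production, so whoever lands on those PKs elsewhere gains impersonation rights while the intended maintainers lose them. Gate this on a stable attribute inside `core.utils.hijack.hijack_permissions_check` instead (for example `is_superuser`, or membership in a dedicated group) and drop the list, or at minimum read it from the environment rather than committing it with real names. This hunk's counts (one deletion, two additions) imply one added line besides `DEFAULT_TIMEZONE`; if `ALLOWED_HIJACKERS` is that line it is new here, otherwise it is pre-existing. Separately, removing `PKCE_REQUIRED = False` in the earlier hunk only changes behaviour if something reads that bare setting — worth confirming where the OAuth provider actually looks for its PKCE requirement and that the intended value is set there.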
